<?php
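// Substrings that cause a request to be rejected. Each entry is matched as a
// literal, case-insensitive substring, so one entry also covers every longer
// string that contains it (e.g. 'union' covers 'union ').
//
// NOTE(review): a keyword blacklist is only a coarse extra layer. It rejects
// legitimate input (names with an apostrophe, text containing "select") and it
// cannot stand in for parameterised SQL queries and context-aware output
// escaping in the code that actually uses these values.
$ArrFiltrate = array(
    // SQL keywords
    'union', 'select', 'delete', 'update', 'and ',
    // script and markup fragments
    '<script', '/script>', 'javascript', 'vbscript', 'alert', 'applet', 'frame',
    '<table', '<td', '<div',
    // quoting, statement separator and hex-escape prefix (backslash + x)
    '"', "'", ';', '\\x',
);

// URL to redirect to after a rejected request. The validation code in this
// file falls back to index.php when this is empty.
$StrGoUrl = "";

/**
 * Report whether a value contains any of the given forbidden substrings.
 *
 * Matching is a literal, case-insensitive substring search (stripos). The
 * previous implementation called eregi(), which was removed in PHP 7.0 and
 * treated every entry as a POSIX regular expression.
 *
 * @param mixed $StrFiltrate Value to inspect. Arrays are searched recursively,
 *                           because PHP turns parameters such as a[]=... into
 *                           arrays that would otherwise never be examined.
 * @param array $ArrFiltrate Forbidden substrings; empty entries are ignored.
 *
 * @return bool True if any forbidden substring occurs in the value.
 */
function FunStringExist($StrFiltrate, $ArrFiltrate)
{
    if (is_array($StrFiltrate)) {
        foreach ($StrFiltrate as $item) {
            if (FunStringExist($item, $ArrFiltrate)) {
                return true;
            }
        }

        return false;
    }

    $haystack = (string) $StrFiltrate;

    foreach ((array) $ArrFiltrate as $needle) {
        $needle = (string) $needle;

        // An empty needle would match every string; skip it.
        if ($needle !== '' && stripos($haystack, $needle) !== false) {
            return true;
        }
    }

    return false;
}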

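// Merged view of $_POST and $_GET, kept for any including script that reads it.
$ArrPostAndGet = array_merge((array) $_POST, (array) $_GET);

// Collect every submitted value from both sources for screening.
// The merged array is not used for this: array_merge() lets a $_GET entry
// replace a $_POST entry with the same key, so the POST value would never be
// checked. Nested arrays (a[]=..., a[b]=...) are flattened so their leaves are
// checked as well.
// NOTE(review): only values from $_POST and $_GET are screened here; parameter
// names, cookies and request headers are not.
$ArrValuesToCheck = array();

foreach (array((array) $_POST, (array) $_GET) as $ArrSource) {
    array_walk_recursive($ArrSource, function ($leaf) use (&$ArrValuesToCheck) {
        $ArrValuesToCheck[] = (string) $leaf;
    });
}

// Validation: reject the request on the first value that contains a forbidden
// substring.
foreach ($ArrValuesToCheck as $value) {
    if (FunStringExist($value, $ArrFiltrate)) {
        echo "<script language=javascript>alert('The Input String Is Error!');</script>";

        if (empty($StrGoUrl)) {
            echo "<script language=javascript>window.location='index.php';</script>";
        } else {
            // Use the configured redirect target. json_encode() with the HEX
            // flags emits a JavaScript string literal that cannot close the
            // surrounding <script> element or the string itself.
            $StrEncodedUrl = json_encode(
                (string) $StrGoUrl,
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            );
            echo "<script language=javascript>window.location=" . $StrEncodedUrl . ";</script>";
        }

        // Stop here so the including page never processes the rejected input.
        exit;
    }
}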
?>
